
Virus - Safe Finder virus

Tomek913913 29 Mar 2016 22:09 807 2
  • Helpful post
    #2 29 Mar 2016 22:43
    krzychupar
    Level 41

    Open the system Notepad and paste:
    Task: {0419EE17-19F9-4EA2-BA8E-B6F6BAF0DA4C} - System32\Tasks\{6933B2AE-2C89-4F64-A516-36F852163DA6} => pcalua.exe -a "C:\Program Files (x86)\DiscountExt\DiscountExt.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
    Task: {657188D6-FCBC-4BF9-9C95-C2EF440CD7A7} - System32\Tasks\{B5847506-D98B-4E44-BBD7-09E7A4BED10F} => pcalua.exe -a "C:\Users\Tomasz\Desktop\MinecraftZyczu (1).exe" -d C:\Users\Tomasz\Desktop
    Task: {C572910E-899D-4ED0-8AAF-BA6BB74D5D71} - System32\Tasks\{4620C6E3-4B1F-40B9-AFCA-5B9EA7F42CD3} => pcalua.exe -a C:\Users\Tomasz\Desktop\MinecraftZyczu.exe -d C:\Users\Tomasz\Desktop
    Task: {C9B543AE-C73F-4B65-8000-93416ADBDAE3} - System32\Tasks\{5B14C21C-0F15-4DFA-9DF3-2E33B253B1D6} => pcalua.exe -a C:\Users\Kasia\Downloads\cjb6200PO.exe -d C:\Users\Kasia\Downloads
    () C:\ProgramData\Quotenamron\Quotenamron.exe
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-566760747-40817201-1853202738-1001\...\MountPoints2: {120d3249-4c56-11e3-afed-806e6f6e6963} - E:\SETUP.EXE
    HKU\S-1-5-21-566760747-40817201-1853202738-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {120d3249-4c56-11e3-afed-806e6f6e6963} - E:\SETUP.EXE
    HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-566760747-40817201-1853202738-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-566760747-40817201-1853202738-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {9795dfcf-4c60-11e3-a9e6-806e6f6e6963} - E:\152510000006009_XII_C_2218_12_8_20140820_090847\ReCourt-Player.exe
    HKU\S-1-5-21-566760747-40817201-1853202738-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    AppInit_DLLs: C:\ProgramData\Quotenamron\Re-Fix.dll => C:\ProgramData\Quotenamron\Re-Fix.dll [363520 2016-03-29] ()
    AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Geofan.dll => C:\ProgramData\Quotenamron\Geofan.dll [257536 2016-03-29] ()
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (Brak pliku)
    HKU\S-1-5-21-566760747-40817201-1853202738-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    HKU\S-1-5-21-566760747-40817201-1853202738-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...XCwBUjJLqaWVt_JwF1NjlfYB_kZQw74Y2v9qMNOfq7EXa
    HKU\S-1-5-21-566760747-40817201-1853202738-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    HKU\S-1-5-21-566760747-40817201-1853202738-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...XCwBUjJLqaWVt_JwF1NjlfYB_kZQw74Y2v9qMNOfq7EXa
    HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1001 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...GDrc9Ik4oOjrxZVvsyCHRmaLYRGoKUHiltBW7W3SSn&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-566760747-40817201-1853202738-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {232247D5-29C6-46CA-BC20-951FF3BDDDD5} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
    FF Homepage: C:\ProgramData\Quotenamron\ff.HP
    FF NewTab: C:\ProgramData\Quotenamron\ff.NT
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF HKU\S-1-5-21-566760747-40817201-1853202738-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => nie znaleziono
    CHR HomePage: Default -> hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F...0c37HTMbxSZewDUXJSd7c9lr8XaAsiXO1AXn4y8eUITH_
    CHR DefaultSearchURL: Default -> hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...ixnsVW85s7WEIqJI6-2XnZA9ynID31kTirWRoNcdOE&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> feed.sonic-search.com
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
    CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
    R2 Quotenamron; C:\ProgramData\\Quotenamron\\Quotenamron.exe [774144 2016-03-19] () [Brak podpisu cyfrowego]
    S2 HPSLPSVC; C:\Users\Tomasz\AppData\Local\Temp\7zS61D1\hpslpsvc64.dll [X]
    2016-03-19 19:02 - 2016-03-19 19:02 - 06493696 _____ C:\Users\Tomasz\AppData\Roaming\agent.dat
    2016-03-19 19:02 - 2016-03-19 19:02 - 01622056 _____ C:\Users\Tomasz\AppData\Roaming\Geolam.tst
    2016-03-19 19:02 - 2016-03-19 19:02 - 00774144 _____ C:\Users\Tomasz\AppData\Roaming\Geolam.exe
    2016-03-19 19:02 - 2016-03-19 19:02 - 00400445 _____ C:\Users\Tomasz\AppData\Roaming\Sancore.bin
    2016-03-19 19:02 - 2016-03-19 19:02 - 00127488 _____ C:\Users\Tomasz\AppData\Roaming\Installer.dat
    2016-03-19 19:02 - 2016-03-19 19:02 - 00126464 _____ C:\Users\Tomasz\AppData\Roaming\noah.dat
    2016-03-19 19:02 - 2016-03-19 19:02 - 00065232 _____ C:\Users\Tomasz\AppData\Roaming\Config.xml
    2016-03-19 19:02 - 2016-03-19 19:02 - 00018432 _____ C:\Users\Tomasz\AppData\Roaming\Main.dat
    2016-03-19 19:02 - 2016-03-19 19:02 - 00014256 _____ C:\Users\Tomasz\AppData\Roaming\InstallationConfiguration.xml
    2016-03-19 19:02 - 2016-03-19 19:02 - 00005568 _____ C:\Users\Tomasz\AppData\Roaming\md.xml
    2016-03-29 21:48 - 2015-02-24 20:36 - 00000000 ____D C:\AdwCleaner
    2016-03-19 19:02 - 2016-03-29 21:48 - 00000000 ____D C:\ProgramData\Quotenamron
    2015-08-11 14:38 - 2015-08-11 14:42 - 0066092 _____ () C:\Users\Tomasz\AppData\Roaming\1.zip
    2015-08-11 14:38 - 2015-08-11 14:42 - 0088443 _____ () C:\Users\Tomasz\AppData\Roaming\2.txt
    2014-09-27 15:58 - 2014-09-27 15:58 - 0000004 _____ () C:\Users\Tomasz\AppData\Roaming\appdataFr2.bin
    2016-03-19 19:02 - 2016-03-19 19:02 - 0400445 _____ () C:\Users\Tomasz\AppData\Roaming\Sancore.bin
    2005-05-20 15:01 - 2014-12-28 23:44 - 0219652 ____H () C:\Users\Tomasz\AppData\Roaming\Tomaszlog.dat
    2016-03-19 19:02 - 2016-03-19 19:02 - 0032038 _____ () C:\Users\Tomasz\AppData\Roaming\uninstall_temp.ico
    2014-04-05 23:37 - 2014-09-27 15:37 - 0000112 _____ () C:\Users\Tomasz\AppData\Roaming\WB.CFG
    2014-02-09 22:27 - 2014-02-09 22:34 - 0004608 _____ () C:\Users\Tomasz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-10-30 21:31 - 2014-10-30 21:31 - 0002489 _____ () C:\Users\Tomasz\AppData\Local\recently-used.xbel
    2015-06-20 17:44 - 2015-06-20 17:44 - 0007598 _____ () C:\Users\Tomasz\AppData\Local\Resmon.ResmonCfg
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
  • #3 29 Mar 2016 23:50
    Tomek913913
    Level 5

    Thank you very much, the problem is gone. How good that there is something like this site - you always help me. :D Thanks once again. Closing.

    0